The Hacker News — Cyber Security, Hacking, Technology News

Usually, hackers exploit hardware and software vulnerabilities to hack ATMs and force them to spit out cash, but now anyone can simply buy malware to steal millions in cash from ATMs.

Hackers are selling ready-made ATM malware on an underground hacking forum that anybody can simply buy for around $5000, researchers at Kaspersky Lab discovered after spotting a forum post advertising the malware, dubbed Cutlet Maker.

The forum post provides a brief description and a detailed manual for the malware toolkit, which is designed to target various ATM models with the help of a vendor API, without interacting with ATM users or their data.

Therefore, this malware does not affect bank customers directly; instead, it is intended to trick the bank ATMs from a specific vendor to release cash without authorisation.

The manual also mentions an infamous piece of ATM malware, dubbed Tyupkin, which was first analysed in 2014 by Kaspersky Lab and used by an international cybercrime gang to conduct jackpotting attacks and make millions by infecting ATMs across Europe and beyond.

c0decalc—a simple terminal-based application to generate a password for the malware.

According to Kaspersky researchers, the functionality of the Cutlet Maker malware suggests that two people are supposed to be involved in the ATM money theft—the roles are called "drop" and "drop master."

"Access to the dispense mechanism of CUTLET MAKER is password protected. Though there could be just one person with the c0decalc application needed to generate a password," the researchers say. "Either network or physical access to an ATM is required to enter the code in the application text area and also to interact with the user interface."

In order to operate, the application needs a special library, which is part of a proprietary ATM API and controls the cash dispenser unit. This shows how cyber criminals "are using legitimate proprietary libraries and a small piece of code to dispense money from an ATM."

The price of this ATM malware toolkit was $5000 at the time of Kaspersky's research.

The advertisement of this Cutlet Maker ATM malware was initially published on the AlphaBay Darknet marketplace, which was recently taken down by the FBI.

AlphaBay Market, one of the largest Dark Web marketplaces for drugs, guns, and other illegal goods, suddenly disappeared overnight without any explanation from its admins, leaving customers who had paid it large sums in a panic.

AlphaBay, also known as "the new Silk Road," has been down since Tuesday night. The site also made the news at the beginning of this year, when a hacker successfully broke into AlphaBay and stole over 200,000 private, unencrypted messages belonging to several users.

Although the website sometimes goes down for maintenance, customers who have heard nothing from the site's admins about the downtime are speculating that the admins have stolen all their Bitcoins for good.

Some users at Reddit and Twitter are claiming that AlphaBay's admins may have shut down the marketplace to withdraw a huge number of bitcoins from the site's accounts.

The withdrawal Bitcoin transactions total 1,479.03904709 Bitcoin (roughly $3.8 Million), which led to suspicion from some users that the site’s admins may have pulled an exit scam to steal user funds.

In March 2015, the largest (at the time) dark web market 'Evolution' suddenly disappeared overnight from the Internet, stealing millions of dollars worth of Bitcoins from its customers.

However, users need not worry, at least for now while nothing is confirmed; the timing of the two incidents, the site downtime and the Bitcoin withdrawals, may be purely coincidental.

This is not the first time AlphaBay has gone offline. Last year, the site went down for about four days. Also, blockchain transactions of about $3.8 Million are hardly enough for AlphaBay's moderators to go offline for good.

One user on Reddit calls for calm and patience, saying "Now I'll admit I don't know for sure what's going on, and I am a bit nervous myself because if this is the end then I've lost a couple of hundred dollars myself. But think about it: Last year alphabay went down for about 4 days."

"Everyone was saying for sure that this was it, but it was not. It took the alphabay moderators days to update people on what was going on too; they're known to do this. Also about that blockchain transaction... 44 bitcoins rounds off to about 4 million US. [I don't know] about you but that doesn't sound like nearly enough money."

While AlphaBay remains down, an AlphaBay-associated Redditor who goes by the moniker Big_Muscles has called on users to calm down, saying the site's servers are being updated and will be "back online soon."

Also, unlike Silk Road, there is no indication that law enforcement took down the AlphaBay marketplace.

More bad news for Android users: the source code for another Android banking malware has been leaked online via an underground hacking forum.

This newly discovered banking Trojan is designed to steal money from the bank accounts of Android device owners by gaining administrator privileges on their smartphones.

It will likely attract the attention of many cyber criminals, who can recompile the source code or use it to develop more customised and advanced variants of Android banking Trojans.

According to security researchers from Russian antivirus maker Dr. Web, the malware's source code was posted online along with information on how to use it, meaning Android devices are likely to face an increasing number of cyber attacks in the coming days.

Leaked: Trojan Source Code + 'How to Use' Instructions

Dr. Web researchers said they have already discovered one banking trojan in the wild developed using this leaked source code, adding that the Trojan is disguised as popular apps, either injected directly into APKs available online or distributed through third-party app stores.

Dubbed BankBot, the trojan has the ability to obtain administrator privileges on infected devices. Once it has full privileges, the trojan removes the app's icon from the phone's home screen to trick victims into believing it has been removed.

BankBot can perform a broad range of tasks, including sending and intercepting SMS messages, making calls, tracking the device, stealing contacts, showing phishing dialogs, and stealing sensitive information such as banking and credit card details.

"Like many other Android bankers, [BankBot] steals confidential user information by tracking the launch of online banking apps and payment system software. One sample examined by Doctor Web's security researchers controls over three dozen such programs," the researchers explain.

"Once Android.BankBot.149.origin detects that any of the aforementioned applications have been launched, it loads the relevant phishing input form to access user bank account login and password information and displays it on top of the attacked application."

Why Should You Worry about BankBot?

The malware hides itself until the victim opens a mobile banking or social media app. Once the victim opens such an app, BankBot launches a phishing login overlay, tricking victims into re-authenticating or re-entering their payment card details.

The collected data is then sent back to online servers, where the attackers can access the stolen data.

Besides this, the BankBot trojan can also intercept text messages, forward them to the attackers, and then delete them from the victim's smartphone, which means bank notifications never reach the user.

How to Protect Yourself against such Attacks?

Now, this is just one piece of malware developed using the publicly available source code and discovered by researchers. It is likely that more such malware is out there targeting Android devices but has not yet been caught.

To protect yourself against such attacks, as I previously recommended, you are advised to:

Always be very careful when downloading APKs from third-party app stores. Go to Settings → Security and turn off "Allow installation of apps from sources other than the Play Store."

Never open attachments from unknown or suspicious sources.

Never click on links in SMS or MMS messages sent to your mobile phone. Even if the message looks legitimate, go directly to the website of origin and verify any possible updates.

Always keep your antivirus app up to date.

Keep your Wi-Fi turned off when not in use, and avoid unknown and unsecured Wi-Fi hotspots.

The world learned of massive data breaches at some of the most popular social media websites, including LinkedIn, MySpace, Tumblr, Fling, and VK.com, when an unknown Russian hacker put the data dumps up for sale on an underground black marketplace.

However, these are only the data breaches that the hacker has publicly disclosed.

I wonder how many more stolen data sets this Russian, or other hackers, are holding that have yet to be released.

The answer is still unknown, but the same hacker is now claiming another major data breach, this time at Twitter.

Login credentials of more than 32 Million Twitter users are now being sold on the dark web marketplace for 10 Bitcoins (over $5,800).

LeakedSource, a search engine site that indexes leaked login credentials from data breaches, noted in a blog post that it received a copy of the Twitter database from Tessa88, the same alias used by the hacker who provided it with hacked data from the Russian social network VK.com last week.

The database includes usernames, email addresses, sometimes second email addresses, and plain-text passwords for more than 32 Million Twitter accounts.

Twitter strongly denied the claims, saying that "these usernames and credentials were not obtained by a Twitter data breach" and that its "systems have not been breached," but LeakedSource believes the data leak was the result of malware.

"Tens of millions of people have become infected by malware, and the malware sent every saved username and password from browsers like Chrome and Firefox back to the hackers from all websites including Twitter," LeakedSource wrote in its blog post.

But do you remember how Facebook CEO Mark Zuckerberg's Twitter account was compromised?

The hackers obtained Zuckerberg's account credentials from the recent LinkedIn data breach, cracked his SHA1-hashed password, tried it on several of his social media accounts, and successfully hijacked his Twitter and Pinterest accounts.

So, one possibility is that the alleged Twitter database dump of over 32 Million users consists of already available records from the earlier LinkedIn, MySpace and Tumblr data breaches.

The hacker might simply have repackaged data already leaked from other sites and services as a new Twitter hack that never actually happened.

Whatever the reason, the fact remains that hackers may have their hands on your personal data, including your online credentials.

So, it's high time you changed your passwords for all social media sites, as well as for any other online sites where you reuse the same password.

Good news: we bring our readers this month's amazing deal, where you can get hacking courses for as little as you want to pay, and if you beat the average price you will receive the fully upgraded hacking bundle!

LinkedIn's 2012 data breach was much worse than anybody first thought.

In 2012, LinkedIn suffered a massive data breach in which the login details of more than 6 Million user accounts, including hashed passwords, were posted online by a Russian hacker.

Now, it turns out that it was not just 6 Million users who got their login details stolen.

The latest reports indicate that the 2012 LinkedIn data breach may have resulted in the online sale of sensitive account information, including emails and passwords, of about 117 Million LinkedIn users.

Almost 4 years later, a hacker using the nickname "Peace" is offering for sale what he or she claims is a database of 167 Million emails and hashed passwords, including 117 Million already cracked passwords, belonging to LinkedIn users.

The hacker, who is selling the stolen data on the illegal Dark Web marketplace "The Real Deal" for 5 Bitcoins (roughly $2,200), has spoken to Motherboard, confirming that these logins come from the 2012 data breach.

Since the passwords had been hashed with the SHA1 algorithm with "no salt," it took LeakedSource, the paid search engine for hacked data, just 72 hours to crack roughly 90% of them.
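Why unsalted SHA1 falls so quickly is easy to show. The following is an added example, not code from the article, from LinkedIn or from LeakedSource: the user records, the passwords and the wordlist are all constructed, the hardened alternative (per-user random salt plus PBKDF2-HMAC-SHA256) is the author's choice of illustration, and no real breach data is used.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional

# Constructed sample data (not real LinkedIn records): two users share a
# weak password, one uses a long unique one.
SAMPLE_USERS: Dict[str, str] = {
    "alice@example.com": "linkedin",
    "bob@example.com": "123456",
    "carol@example.com": "linkedin",
    "dave@example.com": "Tr0ub4dor&3-long-and-unique",
}
# Constructed wordlist standing in for the real dictionaries used in 2016.
WORDLIST: List[str] = ["password", "123456", "linkedin", "qwerty", "letmein"]

PBKDF2_ITERATIONS = 100_000


def sha1_unsalted(password: str) -> str:
    """Store a password the way the 2012 dump was stored: plain SHA1, no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def build_lookup_table(wordlist: List[str]) -> Dict[str, str]:
    """Hash every candidate exactly once.

    With no salt, one table covers every user in the dump, so the cost of
    cracking N accounts is roughly the cost of cracking one.
    """
    return {sha1_unsalted(w): w for w in wordlist}


def crack_unsalted(stored: Dict[str, str], wordlist: List[str]) -> Dict[str, Optional[str]]:
    """Map each user to the recovered password, or None if not in the table."""
    table = build_lookup_table(wordlist)
    return {user: table.get(h) for user, h in stored.items()}


def crack_rate(cracked: Dict[str, Optional[str]]) -> float:
    """Fraction of accounts recovered by the lookup table."""
    return sum(1 for p in cracked.values() if p is not None) / len(cracked)


def pbkdf2_salted(password: str, salt: Optional[bytes] = None) -> str:
    """Hardened storage: 16-byte random salt per user plus a slow KDF.

    Encoded as iterations$salt_hex$hash_hex so the verifier can recover
    the parameters.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"{PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_pbkdf2(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    iters, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def demo():
    """Return (unsalted hashes, cracked map, salted hashes) for the sample users."""
    # Unsalted: identical passwords collide, and one table cracks them all.
    unsalted = {u: sha1_unsalted(p) for u, p in SAMPLE_USERS.items()}
    cracked = crack_unsalted(unsalted, WORDLIST)
    # Salted: same passwords, different hashes, and the SHA1 table is useless.
    salted = {u: pbkdf2_salted(p) for u, p in SAMPLE_USERS.items()}
    return unsalted, cracked, salted


if __name__ == "__main__":
    unsalted, cracked, salted = demo()
    print("alice and carol share a SHA1 hash:",
          unsalted["alice@example.com"] == unsalted["carol@example.com"])
    print(f"wordlist recovers {crack_rate(cracked):.0%} of the unsalted accounts")
    print("alice and carol share a PBKDF2 hash:",
          salted["alice@example.com"] == salted["carol@example.com"])
```

Two things stand out when this runs: alice and carol have byte-identical SHA1 hashes, so anyone who cracks one has cracked both, and a five-word table already recovers three of the four constructed accounts. With a per-user salt the same two passwords hash to different values, a table built before the breach no longer applies, and the iteration count makes every guess expensive.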

Troy Hunt, an independent researcher who operates "Have I Been Pwned?" site, reached out to a number of the victims who confirmed to Hunt that the leaked credentials were legitimate.

The whole incident shows that LinkedIn stored passwords insecurely and that the company did not disclose exactly how widespread the data breach was at the time.

In response to this incident, a LinkedIn spokesperson said that the company is investigating the matter.

In 2015, LinkedIn also agreed to settle a class-action lawsuit over the 2012 security breach by paying a total of $1.25 million to victims in the U.S., about $50 to each of them.

According to the lawsuit, the company violated its privacy policy and an agreement with premium subscribers that promised it would keep their personal information safe.

However, new reports now suggest that a total of 167 Million LinkedIn accounts were breached, instead of just 6 million.

If at least 30% of the hacked LinkedIn accounts belong to Americans, the company would have to pay more than $15 Million.

Meanwhile, I recommend that you change your passwords (and choose a longer, stronger one this time) and enable two-factor authentication for your LinkedIn account as soon as possible. Also, do the same for other online accounts if you use the same passwords on multiple sites.

The FBI and other law enforcement agencies have arrested more than 70 people suspected of carrying out cyber criminal activities associated with one of the most active underground web forums known as Darkode.

Darkode had been in operation since 2007 before law enforcement authorities seized it this week as part of an investigation carried out in 20 different countries.

"We have dismantled a cyber-hornet's nest...which was believed by many, including the hackers themselves, to be impenetrable," said U.S. Attorney David J. Hickton.

The crackdown, which the FBI dubbed Operation Shrouded Horizon, was initiated two years ago together with its counterparts in Europe and Brazil and law enforcement agencies in more than 20 countries.

So far at least 12 suspects have been arrested in the United States, and around 28 people are known to have been arrested on Tuesday in other countries including Germany, Denmark, the UK, India, Romania, Sweden, and Israel.

According to the Department of Justice, the operation conducted by the authorities was "the largest coordinated international law enforcement effort ever directed at an online cyber-criminal forum."

The Suspects Arrested

Some of the suspects arrested in the United States in association with Darkode include:

Morgan C. Culbertson, 20, from Pittsburgh, known online as "Android," allegedly designed and sold a malicious program called Dendroid that steals data from Google Android phones.

Eric L. Crocker, 39, from Binghamton, New York, reportedly used a Facebook Spreader to infect Facebook users with botnet malware and sold the botnet to spammers.

Naveed Ahmed, 27, of Tampa, Florida, has been charged with maintaining a spam botnet to victimize millions of cell phone users.

Phillip R. Fleitz, 31, of Indianapolis, has been charged with maintaining a spam botnet to victimize millions of mobile phone users.

Dewayne Watts, 28, of Hernando, Florida, has been charged with maintaining a spam botnet to send spam messages to millions of cell phone users.

Daniel Placek, 27, from Glendale, Wisconsin, faces several conspiracy charges for creating the Darkode forum and enabling the crimes.

Rory Stephen Guidry of Opelousas, Louisiana has also been accused of selling botnet access on Darkode.

This is just the beginning: the operation is ongoing and will result in more arrests in different countries. In June last year, the authorities took down the GameOver Zeus botnet, but it came back into operation with nastier features just a month later.

US$1 may be a very small amount, but it is enough to buy you a stolen Uber account and free car rides around the city.

Two separate vendors on AlphaBay, a relatively new Dark Web marketplace launched in late 2014, are selling active Uber accounts with usernames and passwords for $1 each, Motherboard reports.

Once purchased, these active Uber accounts let you order rides using the payment information on file.

Additionally, other sensitive information that comes with the purchase includes partial credit card data (the last four digits and expiration date), trip history, email addresses, phone numbers, and the users' home and work addresses.

Over on the AlphaBay market, a vendor identified as "Courvoisier" is claiming to sell hacked Uber accounts for $1 each. Under the product listing for 'x1 UBER ACCOUNT - WORLDWIDE TAXI!,' anyone can buy an Uber account anonymously.

Another vendor, identified as ThinkingForward, is making a similar offer, but for $5 each. "I will guarantee that they are valid and live ONLY. Discounts on bulk purchases," the vendor writes on his product listing.

One of the two vendors contacted by Motherboard claimed to have "thousands" of active Uber accounts for sale and even provided a sample of them. The seller claimed to have already sold more than 100 Uber accounts to other buyers.

So far, it is unclear where the credentials were stolen from. Some believe that Uber's systems were hacked or otherwise compromised.

However, Uber denies that its servers were hacked and advised its users to avoid sharing the same login credentials across multiple online sites.

"We investigated [the issue] and found no evidence of a breach," an Uber spokesperson said in a statement. "Attempting to fraudulently access or sell accounts is illegal and we notified the [law enforcement] authorities about this report."

The company also recommended that its users choose strong, unique usernames and passwords for their accounts and avoid reusing the same passwords across multiple sites and services.

On Friday, we reported on the large-scale international raids launched by the FBI and other law enforcement officials in countries around the world to arrest customers of a popular Remote Administration Tool (RAT) called 'Blackshades', which is designed to take remote control of infected computers and steal information.

The news broke when members of hacking groups posted announcements on underground forums claiming that the FBI was specifically going after everyone who had purchased the hacking tool using PayPal as the payment option.

Today, the UK's National Crime Agency announced that the raids took place in more than 100 countries and that more than 100 people involved in purchasing, selling or using the Blackshades malware have been arrested worldwide.

More than half a million computers in dozens of countries were infected by this sophisticated malware, which has been sold on underground forums since at least 2010 to several thousand people for between 40 and 100 dollars.

The investigation involved the law enforcement coordination agencies Europol and Eurojust, which said Monday that authorities raided a total of 359 houses in 13 European countries (Austria, Belgium, Britain, Croatia, Denmark, Estonia, Finland, France, Germany, Italy, Moldova, the Netherlands and Switzerland), as well as in the United States, Canada and Chile, and seized cash, firearms, drugs and over 1,100 data storage devices, including computers, laptops, mobile phones and routers.

“This case is a strong reminder that no one is safe while using the internet, and should serve as a warning and deterrent to those involved in the manufacture and use of this software,” said Koen Hermans, an official representing the Netherlands in the European Union's criminal investigation coordination unit, Eurojust. “This applies not only to victims, but also to the perpetrators of criminal and malicious acts. The number of countries involved in this operation has shown the inherent value in Eurojust’s coordination meetings and coordination centres.”

As we reported in a previous article, the Blackshades website (http://bshades.eu/) has now been seized by the FBI.

'Blackshades' is a remote administration tool (RAT) that is sold legally around the world, but malicious actors use it as malware to collect the private information of innocent users, including usernames and passwords for email and web services, instant messaging applications, FTP clients and much more.

In the worst cases, the malicious program even allows hackers to take remote control of a user's computer and webcam to take photos or videos without the owner's knowledge.

The infected PCs can also be hijacked by the attackers to perform DDoS attacks and other illegal activities without their owners' knowledge. The program modifies itself so as to evade antivirus software.

In 2012, during the bloody internal war between the Syrian government and opposition forces, the BlackShades RAT was also used to infect and spy on Syrian activists. That same year, a developer on the Blackshades team was reportedly arrested, and around the same time the tool's source code was leaked on the Internet.

The BlackShades tool was actually developed by an IT surveillance and security company, which promoted it as a tool for parents to monitor their children's activities and for catching cheating partners. But, as usual, every weapon can be used for both purposes, killing and saving lives.

Old habits seem to die hard for a hacker: a cyber criminal who masterminded a £15 million fraud was allowed to join a prison IT class and hacked into the jail's computer system.

Nicholas Webber is serving five years in prison for running the internet crime forum Ghost Market, which allowed those interested in creating computer viruses, trading stolen IDs and dealing in private credit card data to congregate.

Webber had been arrested for using fraudulent credit card details to pay for a penthouse suite at the Hilton Hotel in Park Lane, Central London.

The incident occurred back in 2011, but only came to light recently. "At the time of this incident in 2011 the educational computer system at HMP Isis was a closed network. No access to personal information or wider access to the internet or other prison systems would have been possible," a prison spokesman told the Daily Mail.

His IT teacher, Michael Fox, who was employed by Kensington and Chelsea College, has now brought a claim for unfair dismissal, saying that it was not his fault that Webber ended up in his class. Fox also says he had no idea Webber was a hacker. Although the college cleared Fox of committing security breaches, he was made redundant when no alternative work could be found for him.

The hack at the prison triggered a security scare during a lesson, but it was not immediately clear what information Webber managed to access.

THN Deals Store this week brings you the Cybersecurity Certification Mega Bundle, which will walk you through the skills and concepts you need to master three elite cybersecurity certification exams: CISA, CISM, and CISSP [...]

Even if you are considered a white hat hacker, you are still walking a fine line between being a bad guy and a good guy in many people's eyes. There are a lot of people out there who believe that there should be no hacking at all and that everyone who does it should be considered a criminal. Of course, that is a very narrow, myopic view of how white hat hacking really works, but there will always be an element of that kind of thinking out there. There are simply a lot of people who believe that if you ban hacking outright, it will never be done. That is simply not true and is pure fantasy.

But if you really want to be a good and effective white hat hacker, then there are some things about the other side that you should get to know. If you want to beat your enemies, you should be able to figure out how they operate. It is not enough to look at their attacks and try to study their patterns. You should be able to get inside the head of your enemy and figure out why they do the things they do. Once you are in someone's head, you are able to predict what they are going to do, and then you can play a little offense instead of planning out defense strategies all of the time.

There are several ways that you can try to get inside the head of a black hat hacker, but the best way is to go where they go online and see what they are talking about. You can do that through IRC and the many black hat forums that are out there. As good as many of these black hat hackers are, they tend to hang out in places that are not very secure in the first place. If you are able to join these places and hang out, you will be able to see what goes on before a lot of the attacks that you see on the web.

There are, of course, certain precautions that you want to take before you attempt this kind of step. You will want to make sure that you are behind some sort of proxy so that your real IP address is not exposed. You will also want to make sure that no one knows you work for the other side. As a matter of fact, you should not give out any personal information about yourself at all.

That includes not talking about your social media accounts or your home life. Even though you might think you are being sneaky, a smart social hacker will be able to take the information you have given and find out who you really are. While engaging with them does help you learn about your enemy, overall you are mostly there to observe and see how they interact with each other. It is like a spy going into an enemy camp to see what they do all day.

When you are trying to stay on the right side of the law and help people secure themselves, sometimes you have to be willing to mix with people who are on the other side of the line. Just doing this will help you do your job a lot better.